1. Field of the Invention
The present invention relates to encryption of data within computer systems. More particularly, the present invention relates to a method and an apparatus for encrypting and decrypting an item of data based upon multiple responses received from a user.
2. Related Art
The advent of computer networks, such as the Internet, has led to an explosion in the development of applications that facilitate rapid dissemination of information. It is presently possible to access information from millions of interconnected computers worldwide through a simple network connection.
One problem with this increased availability of information is that it is becoming increasingly harder to keep sensitive information confidential. Many individuals within an organization work with sensitive information that must be kept secret from competitors of the organization. This data typically resides in electronic form on networked computer systems. Data stored in this way can be easily copied onto a disk or transported across a computer network. Consequently, such data can easily end up in the wrong hands.
One way to remedy this problem is to "encrypt" sensitive data using an encryption key so that only someone who possesses a corresponding decryption key can decrypt the message. (Note that for commonly used symmetric encryption mechanisms the encryption key and the decryption key are the same key.) In this way, a person working with sensitive data can use a personal encryption key to encrypt the sensitive data. This personal encryption key can be automatically formed from a password that is supplied by the user.
Unfortunately, using passwords to encrypt data can create administrative problems because passwords are commonly forgotten. This is especially a problem when passwords must be periodically changed for security reasons. Consequently, system administrators are continually responding to calls related to forgotten passwords.
System administrators typically deal with this problem by maintaining a backup copy of all user passwords, which enables the system administrators to look up forgotten passwords. However, maintaining backup copies of passwords can severely compromise computer system security, because system administrators cannot always be trusted to safeguard sensitive information and passwords can easily end up in the wrong hands.
One solution to this problem is to use a key escrow system in which a personal encryption key (or password) is split up into shares and distributed to multiple trusted parties. In order to reconstruct the personal encryption key, the shares must be gathered from the multiple trusted parties. Such key escrow systems can be quite effective. However, reconstructing a personal encryption key by gathering information from the multiple trusted parties can be a very time-consuming process, and is hence impractical to perform frequently.
What is needed is a mechanism that allows a personal encryption key to be reconstructed without requiring a user to remember a specific password that can easily be forgotten.
One embodiment of the present invention provides a system that facilitates encrypting and decrypting a data item. The system operates by encrypting a data item with a session key using a symmetric encryption mechanism to produce an encrypted data item. Next, the system splits the session key into a plurality of shares so that the session key can be reconstituted from a predefined number of shares. The system also receives a plurality of responses from the user (which may be responses to questions), and encrypts the plurality of shares with the plurality of responses using the symmetric encryption mechanism to generate a plurality of encrypted shares. The plurality of encrypted shares are stored for later retrieval.
In one embodiment of the present invention, the system decrypts the data item by receiving a plurality of new responses from the user, and attempting to decrypt the plurality of encrypted shares with the plurality of new responses. Note that a share will be successfully decrypted if a new response matches a response that was previously used to encrypt the share. If the predefined number of shares are successfully decrypted, the system uses the successfully decrypted shares to reconstitute the session key, and then uses the session key to decrypt the encrypted data item.
One embodiment of the present invention further comprises determining if a share from the plurality of shares can be decrypted by encrypting a marker with the share and looking for the marker in the share after the share is decrypted.
In one embodiment of the present invention, the data item includes a private key that is associated with a public key to form a public key-private key pair.
In one embodiment of the present invention, the password includes a passphrase that can be made up of more than one word.
In one embodiment of the present invention, the plurality of responses are answers to questions supplied by the user. In another embodiment, the plurality of responses are answers to default questions. In yet another embodiment, the plurality of responses are different passwords.
In one embodiment of the present invention, there are five shares, and three out of the five shares can be used to reconstitute the session key.
In one embodiment of the present invention, receiving the session key further comprises generating the session key using a random number generator.
One embodiment of the present invention provides a system that facilitates encrypting and decrypting a private key. The system operates by generating a session key and encrypting the private key with the session key using a symmetric encryption mechanism to generate an encrypted private key. The system encrypts the session key with a password belonging to a user using the symmetric encryption mechanism to produce an encrypted session key. The system splits the session key into a plurality of shares so that the session key can be reconstituted from a predefined number of shares from the plurality of shares. The system next receives a plurality of responses from a user and hashes each of the plurality of responses with a first value to produce a first plurality of hashed responses. Next, the system encrypts the plurality of shares with the first plurality of hashed responses to generate a plurality of encrypted shares. The system also hashes each of the plurality of responses with a second value to produce a second plurality of hashed responses, and then encrypts the plurality of encrypted shares with the second plurality of hashed responses to generate a plurality of final encrypted shares. Finally, the system sends the plurality of final encrypted shares to a server so that the server can store the plurality of final encrypted shares.
In one embodiment of the present invention, the system decrypts the encrypted private key when the password is unavailable by receiving a plurality of new responses from the user and hashing each of the plurality of new responses with the first value to produce a first plurality of hashed new responses. The system also hashes each of the plurality of new responses with the second value to produce a second plurality of hashed new responses. The system sends the second plurality of hashed new responses from a computer system belonging to the user to the server. At the server, the system attempts to decrypt the plurality of final encrypted shares with the second plurality of hashed new responses. Note that successfully decrypting a share from the plurality of final encrypted shares results in a corresponding share from the plurality of encrypted shares. If the predefined number of shares are successfully decrypted, the server sends the successfully decrypted shares to the computer belonging to the user. At the computer, the system decrypts the successfully decrypted shares with the first plurality of hashed new responses to produce the predefined number of shares of the session key. The system uses the predefined number of shares to reconstitute the session key, and decrypts the encrypted private key with the session key.
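The following is an added worked example, written for this page and not code from the patent or any product implementing it. It exercises both the basic scheme described above (session key, 3-of-5 share split, shares encrypted under the user's responses, a marker used to detect a successful share decryption) and the two-stage variant in which each response is hashed with a "first value" for the client-side layer and a "second value" for the server-side layer, so the server only ever sees second-stage hashes and doubly encrypted shares. Everything concrete here is an assumption made for the example: Shamir sharing over the prime field GF(2^521-1), an HMAC-SHA256 keystream as a stand-in for "the symmetric encryption mechanism", PBKDF2 as the response hashing, an 8-byte marker, lower-cased and stripped responses, and all function and constant names.

```python
import hashlib
import hmac
import os
import secrets

# --- Shamir secret sharing over GF(P); P = 2**521 - 1 is a Mersenne prime (assumption) ---
P = 2**521 - 1

def _eval_poly(coeffs, x):
    acc = 0
    for c in reversed(coeffs):          # Horner evaluation of coeffs[0] + coeffs[1]*x + ...
        acc = (acc * x + c) % P
    return acc

def split_secret(secret: bytes, n: int, k: int):
    """Split `secret` into n shares (x, y); any k of them reconstitute it."""
    s = int.from_bytes(secret, "big")
    coeffs = [s] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]

def recover_secret(shares, length: int) -> bytes:
    """Lagrange interpolation at x = 0 from exactly k distinct shares."""
    s = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        s = (s + yi * num * pow(den, -1, P)) % P
    return s.to_bytes(length, "big")

# --- Symmetric mechanism stand-in: HMAC-SHA256 counter keystream plus the page's marker ---
MARKER = b"SHARE-OK"   # constructed marker; a decryption "succeeds" iff it reappears

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def sym_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    body = MARKER + plaintext
    return nonce + bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def sym_decrypt(key: bytes, blob: bytes):
    """Return the plaintext, or None when the marker does not appear (wrong key)."""
    nonce, body = blob[:16], blob[16:]
    pt = bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))
    return pt[len(MARKER):] if pt.startswith(MARKER) else None

# --- Response hashing with the page's "first value" and "second value" (constructed) ---
FIRST_VALUE = b"client-layer-v1"    # never leaves the user's computer
SECOND_VALUE = b"server-layer-v1"   # the only derivation the server receives

def derive(response: str, value: bytes) -> bytes:
    norm = response.strip().lower().encode()   # tolerate case/whitespace differences
    return hashlib.pbkdf2_hmac("sha256", norm, value, 20_000)

# --- Enrollment on the user's computer; only `final_shares` is sent to the server ---
def enroll(private_key: bytes, responses, n: int = 5, k: int = 3):
    session_key = os.urandom(32)
    enc_private = sym_encrypt(session_key, private_key)
    final_shares = []
    for (x, y), r in zip(split_secret(session_key, n, k), responses):
        inner = sym_encrypt(derive(r, FIRST_VALUE), bytes([x]) + y.to_bytes(66, "big"))
        final_shares.append(sym_encrypt(derive(r, SECOND_VALUE), inner))
    return enc_private, final_shares

# --- Server step: open the outer layer with second-stage hashes, release only if >= k succeed ---
def server_unlock(final_shares, server_hashes, k: int):
    opened = [(i, sym_decrypt(h, blob)) for i, (h, blob) in enumerate(zip(server_hashes, final_shares))]
    opened = [(i, inner) for i, inner in opened if inner is not None]
    return opened if len(opened) >= k else None

# --- Client step: strip the inner layer, reconstitute the session key, decrypt the private key ---
def recover_private_key(enc_private, final_shares, new_responses, k: int = 3):
    opened = server_unlock(final_shares, [derive(r, SECOND_VALUE) for r in new_responses], k)
    if opened is None:
        return None
    shares = []
    for i, inner in opened:
        raw = sym_decrypt(derive(new_responses[i], FIRST_VALUE), inner)
        if raw is not None:
            shares.append((raw[0], int.from_bytes(raw[1:], "big")))
    if len(shares) < k:
        return None
    return sym_decrypt(recover_secret(shares[:k], 32), enc_private)

def demo():
    """Constructed scenario: 3 of 5 correct answers recover the key, 2 of 5 do not."""
    answers = ["Rex", "Springfield", "Smith", "Blue", "Pizza"]              # constructed
    private_key = b"-----BEGIN PRIVATE KEY----- (constructed placeholder)"  # constructed
    enc_private, final_shares = enroll(private_key, answers)
    good = recover_private_key(enc_private, final_shares, ["rex", "springfield", "?", "blue ", "?"])
    bad = recover_private_key(enc_private, final_shares, ["rex", "?", "?", "blue", "?"])
    return good == private_key, bad is None
```

The two-layer construction is what keeps the server from learning anything useful: it stores only outer-layer ciphertexts, receives only second-stage hashes, and even the shares it releases are still encrypted under first-stage hashes it never sees. The marker makes a wrong answer fail closed instead of yielding garbage that would be fed into interpolation; in practice an authenticated cipher provides that check in place of the keystream and marker used here.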